Full rollout of DOD access cards delayed

Related Links

The Defense Department is behind schedule in its goal to distribute the Common Access Card to each soldier, sailor, airman and Marine, according to Ken Scheflen, director of the Defense Manpower Data Center.

DOD set a goal of October 2003 for distributing the new cards — complete with smart card technology and state-of-the-art encryption — to all active duty and Reserve forces. The schedule has been pushed back to at least April 2004 because of unforeseen delays. The card will allow physical access to secure areas, permit entry to DOD's computer networks and serve as the authentication token for DOD's computerized public-key infrastructure.

Although the need to deploy troops around the world slowed the process, the delay mostly came from the technology, Scheflen said. Each card can take a significant amount of time — from 15 minutes to more than an hour — to issue, largely because of downloading information to the card's embedded chip.

The program has issued 3.3 million cards, but it is still short of its goal of 4 million by later this month. The total number to be issued is unknown; they'll be issued to not only active duty and Reserves but also DOD civilians and contractors.

Because large numbers of troops need to be processed in a short period of time, the current procedure is to issue the old plastic identification card and get the CAC to the troops later.

"The next six months will see our commitment to developing central issuing capabilities that can be used by both high-volume sites and remote sites that may not have the technology to produce the cards," Scheflen said.

The CAC is on its way to becoming the de facto identification card for the department. Only a small number of cardholders use it for the cryptographic log-in or secure e-mail verification functions of which the cards are capable.

"How a person uses the card will depend more on what service they're in, where they are located and what their job is than who they are," Schlefen said. The Navy Marine Corps Intranet "is supposed to require a cryptographic log-on, so they will probably use the cards more."

Scheflen said the immediate job is to get the smart card readers onto the NMCI machines.

David Wennergren, the Navy's chief information officer and the DOD official spearheading the CAC rollout, admitted there is room for improvement with the rollout and the functionality offered to users.

"Change cannot happen in a day, but you need to put the tools into the hands of the users for change to happen at all," he said recently at a Computer Marketing Associates reception.

Wennergren said that not everybody will get immediate use from the card's functionality, and some may never use it. But, he added, the value of the card's capabilities cannot be denied.

At the same time, DOD officials are launching their Defense Cross-Credentialing Identification System, which will use the CAC technology to create a single identification system that can be used departmentwide and with civilian contractors.

The idea is that government employees and contractors shouldn't have to carry cards with them for every facility they have to visit.

Northrop Grumman Corp. will be the first to issue the new cards to 6,000 of its 120,000 employees.

"We are going to require the company to go back and look at its policies," said Kent Schneider, president of Northrop's Defense Enterprise Solutions business unit. "We had a card that wasn't fully compliant with the CAC standards, so we had to change some of our rules of engagement to meet the minimum standards."

***

DOD's Common Access Card

The Defense Department is working to provide all military personnel with Common Access Cards for physical and network access.

Program specifics include:

DOD budget for the CAC program in fiscal years 2000 and 2001: $78 million.